what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2006.134

Mandriva Linux Security Advisory 2006.134
Posted Aug 3, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-134 - A number of flaws were discovered in the safe-level restrictions in the Ruby language. Because of these flaws, it would be possible for an attacker to create a carefully crafted malicious script that could allow them to bypass certain safe-level restrictions.

tags | advisory, ruby
systems | linux, mandriva
advisories | CVE-2006-3694
SHA-256 | 6fd312b98f4ecc1065358bb1f845e446f01ac335c208ce0b7bf10c6b1dd51344
Download | Favorite | View

Mandriva Linux Security Advisory 2006.134

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:134
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ruby
 Date    : July 28, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of flaws were discovered in the safe-level restrictions in
 the Ruby language.  Because of these flaws, it would be possible for
 an attacker to create a carefully crafted malicious script that could
 allow them to bypass certain safe-level restrictions.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 8eed80b6fcd6b41fc7c15d617732c97c  2006.0/RPMS/ruby-1.8.2-7.3.20060mdk.i586.rpm
 770370523d64d39b003943cd4363b55d  2006.0/RPMS/ruby-devel-1.8.2-7.3.20060mdk.i586.rpm
 737aad366fda8c8b75ca7b8739bc19bc  2006.0/RPMS/ruby-doc-1.8.2-7.3.20060mdk.i586.rpm
 949de9702c29ffa2519e3c9bd4866127  2006.0/RPMS/ruby-tk-1.8.2-7.3.20060mdk.i586.rpm
 37aaacc8b046ceb135833a201e229d95  2006.0/SRPMS/ruby-1.8.2-7.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 a84ffa78943e7e69c172a824a8804c65  x86_64/2006.0/RPMS/ruby-1.8.2-7.3.20060mdk.x86_64.rpm
 7e4e992fed64a245f8d4450b279f45e5  x86_64/2006.0/RPMS/ruby-devel-1.8.2-7.3.20060mdk.x86_64.rpm
 65a180f269c974a673beb9d35366de5e  x86_64/2006.0/RPMS/ruby-doc-1.8.2-7.3.20060mdk.x86_64.rpm
 db56c49363d539bb66d0ec9975b74c57  x86_64/2006.0/RPMS/ruby-tk-1.8.2-7.3.20060mdk.x86_64.rpm
 37aaacc8b046ceb135833a201e229d95  x86_64/2006.0/SRPMS/ruby-1.8.2-7.3.20060mdk.src.rpm

 Corporate 3.0:
 04ae53b4b5662872aba838c9fbd72466  corporate/3.0/RPMS/ruby-1.8.1-1.6.C30mdk.i586.rpm
 c1e94f6f01fca30ce36227b91e466f21  corporate/3.0/RPMS/ruby-devel-1.8.1-1.6.C30mdk.i586.rpm
 c5019548c2003c1da8a8aa95617c22f4  corporate/3.0/RPMS/ruby-doc-1.8.1-1.6.C30mdk.i586.rpm
 a7e171ffa0477f6da36bdf9707e163b4  corporate/3.0/RPMS/ruby-tk-1.8.1-1.6.C30mdk.i586.rpm
 fb9c099b9c479dbd284e2bcd8d07699f  corporate/3.0/SRPMS/ruby-1.8.1-1.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 20a7d42a40547b1bed6aac4900386537  x86_64/corporate/3.0/RPMS/ruby-1.8.1-1.6.C30mdk.x86_64.rpm
 ef6b2b513036f3f9b6f9e43bbdd83a50  x86_64/corporate/3.0/RPMS/ruby-devel-1.8.1-1.6.C30mdk.x86_64.rpm
 59a038e5c8928e6a81b57984f5260eca  x86_64/corporate/3.0/RPMS/ruby-doc-1.8.1-1.6.C30mdk.x86_64.rpm
 e613282d66e153526b1e6a23062c2e9e  x86_64/corporate/3.0/RPMS/ruby-tk-1.8.1-1.6.C30mdk.x86_64.rpm
 fb9c099b9c479dbd284e2bcd8d07699f  x86_64/corporate/3.0/SRPMS/ruby-1.8.1-1.6.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEykoomqjQ0CJFipgRAsaWAJ9mcBNpKEbsAJLL+2rf8taG4nRSOgCgxV/3
YO5uxqMIyBE6dno3W+gKNV0=
=xuDy
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close